0 оценок0% нашли этот документ полезным (0 голосов)
29 просмотров3 страницы
Absract: A need exists in HCI to study how issues of trust and privacy can and do affect the ad hoc negotiation of security rules and how they are managed in actual practice. For my dissertation I present data from pilot interviews and observations to examine the physical and electronic security practices of childcares and medical offices. I propose to study the policy breakdowns that affect the security of personal information.
Absract: A need exists in HCI to study how issues of trust and privacy can and do affect the ad hoc negotiation of security rules and how they are managed in actual practice. For my dissertation I present data from pilot interviews and observations to examine the physical and electronic security practices of childcares and medical offices. I propose to study the policy breakdowns that affect the security of personal information.
Авторское право:
Attribution Non-Commercial (BY-NC)
Доступные форматы
Скачайте в формате PDF, TXT или читайте онлайн в Scribd
Absract: A need exists in HCI to study how issues of trust and privacy can and do affect the ad hoc negotiation of security rules and how they are managed in actual practice. For my dissertation I present data from pilot interviews and observations to examine the physical and electronic security practices of childcares and medical offices. I propose to study the policy breakdowns that affect the security of personal information.
Авторское право:
Attribution Non-Commercial (BY-NC)
Доступные форматы
Скачайте в формате PDF, TXT или читайте онлайн в Scribd
Usable Security in Practice: Collaborative Management of
Electronic & Physical Personal Information
Laurian Vega Center for Human-Computer Interaction 2202 Kraft Drive Virginia Tech, VA, USA Laurian@vt.edu study and understand how socio-technical systems manage Keywords security practice. H.5.3 [Information Interfaces & Presentation]: Computer Responding to the need for research in this area, my research Supported Cooperative Work, Theory & Models, Organizational question is: how do socio-technical systems that use sensitive Design; K.5.6 [Management of Computing & Information personal information manage work-practice breakdowns Systems]: Security and Protection surrounding the implicit and explicit rules of process? I have further broken this down into three sub-questions: 1. SECURITY & WORK PRACTICE Traditionally, electronic and physical security was conceptualized · What are the implicit and explicit rules surrounding how as rules, locks, and passwords. More recently, security research medical practices and childcares handle sensitive personal has explored how security is part of a larger socio-technical information? system [8] that involves people using technologies and their · What breakdowns happen when the explicit and implicit environments to create safe praxis. When examining security as rules are not followed? one part of this system, or as a supporting mechanism, issues of · How are breakdowns accounted for, negotiated, and trust [6], privacy [2, 4], and negotiation start to appear: trust, managed in socio-technical systems where sensitive personal because interpersonal relationships are relied upon to work information exists? effectively together; privacy, because people are working with information or details that are sensitive; and, negotiation, because 2. METHODOLOGY the rules or standards that groups are working within encounter I will be focusing on breakdowns in the practice of explicit and breakdowns or instances where rules are not clearly defined [7] implicit policies through the lens of Activity Theory. Implicit and thus requiring changes to be mediated. explicit policies are the cultural norms that exist in the socio- In my dissertation studies I focus on one type socio-technical technical system to support work practices. Dourish et al. [5] go system in two instantiations. The type of socio-technical system I as far as to emphasize the importance of both explicit and implicit will be studying is one in which groups coordinate and manage guarantees in their definition of security: security is “the ability of their clients’ personal information through physical and users to express and rely upon a set of guarantees that the system technological mechanisms. The two instantiations that I will may make, explicitly or implicitly, about its treatment of user data explore are childcare centers and medical centers. In childcare and other resources” (p392, emphasis added). By focusing on the centers workers care for and manage the enrolled children and breakdowns that occur with explicit and implicit policies I will be also the enrolled child’s personal information. In medical centers able to study how socio-technical systems manage system workers manage the patients health along with the patients health perturbations. This management of perturbations is an intrinsic information. The use of two areas allows for generalization across strength of human-mediated security systems, and one similar work environments while also exploring different characteristic that technical systems fail to properly incorporate dimensions (e.g. routines, legislation). [6]. The problem with security policies is that they are often only Pending approval from the Virginia Tech Institutional Review secure in principle. They are seldom secure in practice” [4]. Board, month-long active-participant observations will be Practice is what happens in the moment; it is the activity; it is employed. For these I will be volunteering half days of work at what is actually done. There is a tension that exists between work both a childcare and medical center. The pilot data and resulting practice and security. There has been a plethora of research that data from the month long observations will form the basis for the has demonstrated that when security policies or mechanisms are overall findings of this study. Daily observation logs will be kept not appropriately designed to support work practice, security along with audio recordings and appropriate pictures of breaks down (e.g., creating work-arounds such as writing representative artifacts. Key parts of the audio recordings will be passwords on post-it notes, or as was observed in the pilot studies transcribed verbatim. Breakdowns will then be coded to produce – shouting passwords) [1, 3, 5]. When a breakdown occurs, an emergent understanding of how the socio-technical system though, in a social system, workers do not stop doing work. They employs security in practice. The use of observations and create special cases or methods that allows them to continue – interviews from key stakeholders should provide a complete story. sends in the policies. In this sense, social systems are intrinsically flexible. When we start to think about electronic systems, the 3. PILOT STUDIES & RESULTS reverse is true: electronic systems work according to pre-encoded, Four pilot studies were conducted to explore security issues deterministic rules. It is for this reason that there exists a need to involved in the practice of collaborative sensitive information management: 12 interviews of childcare directors, 13 interviews of medical center directors, follow-up interviews with 4 childcare reproducible. Understanding what information is going to be kept directors, and two to three observations in 4 childcares. All in what space or form, and who has access to those instances is interviews and observations were transcribed. All participants something that is determined by the function of the information were from the southwest area of Virginia. All directors were and also the context surrounding the information use. recruited through a comprehensive list of all area businesses; the response rates were 55% for childcares, and 26% for medical 4. CONTRIBUTIONS OF RESEARCH practices- not including the hospitals. This work will benefit the security, the usable security, and the trust community within human-computer interaction by detailing Three sample findings in regards to explicit and implicit policies a deep exploration of how communities manage explicit and that govern the collaborative management of sensitive information implicit policies. The results from this body of work will be a set are: Human-mediated Access Management, Community of Trust, of properties that will help the design community to create and Information Redundancy. technology and tools to support secure work practice. Human-mediated Access Management. In the case of A second benefit from this work will be the conceptualization of childcares, there are instances when teachers or parents want to be security as more than rules. The application of the Activity able to look at a file. One director said, “When a teacher comes in Theory framework provides a lens for examining how groups and wants access to a file they have to come through me first and internalize and externalize the constructs of security, trust, and they have to tell me their reason basically, you know, why do you privacy. Activity theory literature on breakdowns will provide need to go in there?” This director is explaining how she monitors additional methods of analysis to the security literature. access to the files in a method that is more than simply checking Additionally, there has been a dearth of research studying how access rights to information. She is additionally checking the groups manage and coordinate security and put these constructs teacher’s goal, which extends into managing information privacy. into practice. This work will add to that body of literature and The director’s function is to mediate the information seeker’s goal understanding. in a way that is flexible, negotiated, and determined in a case-by- case fashion to best balance the need for information for work 5. RESEARCH PHILOSOPHY with need to keep information private. I have found that research needs to be balanced between Community of Trust. To balance the need for access to theoretical and practical. I have tried to balance studies of information with the need to keep information secure, technology in relation to constructs like trust and privacy in theory communities of trust emerged within the centers we studied. One but also in real-world situations for my dissertation. I also believe aspect of security that we asked about was the use of passwords. in continuous discussion and reading to stimulate new ideas and Computers, when used for accessing patient information, were encourage knowledge. Last, research needs to be only one part of generally in the director’s space, or the doctor’s office. Of those a researcher’s life. A researcher should have additional interests to medical centers that used electronic systems, only seven (29%) prevent single mindedness. My work on recruitment and retention had individual passwords. When asked why, a director said, of women in science and engineering along with my continual “They can access anything. That’s their job.” This statement efforts to balance work and life reflect this belief. emphasizes that to be able to do the work required for the job security access needs to be relaxed on the basis of trust. Another 6. RELATED PUBLICATIONS example comes from the locking of physical filing cabinets. It is This is a short list of related publications. Please see my website the official policy that filing cabinets containing files should be www.laurianvega.com for a full list of publications. locked when the director is absent: “[files are] all kept in here in a [1] Thomas P. Moran, Tara M. Matthews, Laurian Vega, Barton cabinet that's locked when I’m not here and the door is locked as Smith, James Lin, Stephen Dill. “Ownership and Evaluation well.” The use of a key was, however, never observed. of Local Process Representations”. Published in the Information Redundancy. Beyond the physical file containing Proceedings of INTERACT 2009, the 12th IFIP Conference information about a child or patient, there is information kept in in Human-Computer Interaction, August 24-28, Uppsala, other locations. From a security perspective having only one Sweden. instance to protect is the simplest case. When information, [2] Peggy Layne, Laurian Vega. ADVANCE Portal Website. A however, becomes dispersed to better support individual practice, poster and presentation presented at 2009 Joint Annual security becomes more difficult to manage due to numerous Meeting: Innovation and Leadership through a Diverse access points. In both medical and child practices there were STEM Workforce, June 8-11th, Washington D.C., USA. instances where information was outside the file and distributed in [3] Laurian Vega, Yeong-Tay Sun, D. Scott McCrickard. “Trust, the environment. These include having a physical and an Learning, and Usability”. A poster to Grace Hopper electronic file, having a file for billing and a file for medical Celebration of Women in Computing, September 30 - history, having files for one patient between two medical centers, October 3, Tucson, Arizona. having information on hand in different spaces, and having [4] Gregorio Convertino, Dennis Neale, Laurian Hobby, John M. electronic copies stored in an off-site location. One director Carroll, Mary Beth Rosson. "A Laboratory Method for explains duplicating information in multiple office locations, “We Studying Activity Awareness." In Proceedings of the third fax patient information back and forth... That happens hundreds of Nordic conference on Human-computer interaction, p.313 - times a day…. Always with the big disclaimer this is medically 322, Tampere Finland, October 2004 protected information, and this is intended for so-and-so only.” She explains that someone then files the appropriate information 7. REFERENCES and the remainder is shredded. This duplication of information [5] Adams, A. and A. Blandford, Bridging the Gap Between functions to make sure that information is ready at hand when Organizational and User Perspectives of Security in the necessary for work and ensures that if the information is lost it is Clinical Domain. International Journal of Human-Computer [10] Flechais, I., J. Riegelsberger and M.A. Sasse. Divide and Studies, 2005. 63(1-2): p. 175-202. Conquer: The Role of Trust and Assurance in the Design of [6] Adams, A., A. Blandford, D. Budd and N. Bailey, Secure Socio-Technical Systems. in Proceedings of the 2005 Organizational communication and awareness: a novel Workshop on New Security Paradigms. 2005. Lake solution for health informatics. Health Informatics Journal, Arrowhead, California: ACM. 2005. 11(3): p. 163-178. [11] Kobayashi, M., S.R. Fussell, Y. Xiao and F.J. Seagull. Work [7] Adams, A. and M.A. Sasse, Users Are Not the Enemy, in coordination, workflow, and workarounds in a medical Communications of the ACM. 1999. p. 40-46. context. Conference on Human Factors in Computing [8] Bellotti, V. and A. Sellen. Design for Privacy in Ubiquitous Systems (CHI'07). 2005. Portland, OR, USA: ACM Press, Computing Environments. Proceedings of the Third New York, New York. Conference on European Conference on Computer- [12] Mamykina, L. and E.D. Mynatt. Investigating and supporting Supported Cooperative Work. 1993: Kluwer Academic health management practices of individuals with diabetes. Publishers. Proceedings of the 1st ACM SIGMOBILE international [9] Dourish, P., E. Grinter, J.D.d.l. Flor and M. Joseph, Security workshop on Systems and networking support for healthcare in the Wild: User Strategies for Managing Security as an and assisted living environments. 2007. San Juan, Puerto Everyday, Practical Problem. Personal Ubiquitous Rico: ACM. Computing, 2004. 8(6): p. 391-401.
Security in Practice: Examining The Collaborative Management of Personal Sensitive Information in Childcare Centers and Physician's Offices, Presentation
Security in Practice: Examining The Collaborative Management of Personal Sensitive Information in Childcares and Medical Centers, Dissertation Proposal